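#!/bin/bash
#
# /etc/rc.d/init.d/cryptostuff
#
# Sets up basic disk encryption
#
# chkconfig: 2345 01 99
# description: Initiates swap on an encrypted device; mounts /tmp and /var/tmp as tmpfs
#
# Hacked together by Troels Arvin
#
# How it works: on every boot the swap partition is set up as a dm-crypt
# mapping with a throw-away key read from /dev/random, so anything paged out
# becomes unreadable once the machine is powered off. /tmp is then mounted as
# tmpfs (which is backed by that swap) and /var/tmp is bind-mounted into it.
#
# Defaults below may be overridden in /etc/sysconfig/cryptostuff.

servicename=cryptostuff
LOCKFILE=/var/lock/subsys/$servicename

# Partition that backs the encrypted swap. It is re-initialised with mkswap
# on every boot, so everything on it is destroyed; start() refuses to touch
# it unless it is an existing block device.
SWAP_DEV=/dev/hda3
SWAP_NAME=swap
SWAP_MAPPED=/dev/mapper/$SWAP_NAME
# Mount options written to /etc/fstab for /tmp when no entry exists yet.
# 'defaults' is the historical behaviour; hardened hosts may want to set
# 'defaults,nosuid,nodev' here.
TMPFS_OPTS=defaults

[ -r /etc/sysconfig/$servicename ] && . /etc/sysconfig/$servicename

# Source function library (echo_success / echo_failure).
. /etc/rc.d/init.d/functions

RETVAL=0

#######################################
# Report a fatal error and exit.
# Arguments: $1 - message
# Outputs:   failure marker on stdout, message on stderr
#######################################
bail_out() {
  echo_failure
  echo
  echo "Error: $1; exiting" >&2
  exit 1
}

#######################################
# Return 0 if the mapped swap device is currently in use.
# Globals:   SWAP_MAPPED
#######################################
swap_active() {
  swapon -s | fgrep -q -- "$SWAP_MAPPED"
}

#######################################
# Return 0 if a tmpfs is mounted exactly on /tmp (not /tmpfoo or /tmp/sub).
#######################################
tmp_mounted() {
  grep -q '^tmpfs[[:blank:]]\+/tmp[[:blank:]]' /proc/mounts
}

#######################################
# Create the encrypted swap mapping if needed, enable it, then mount /tmp
# as tmpfs and bind /var/tmp into it.
# Globals:   SWAP_DEV, SWAP_NAME, SWAP_MAPPED, TMPFS_OPTS, LOCKFILE, RETVAL
# Returns:   0 on success, 1 if any step failed (bail_out exits directly)
#######################################
start() {
  echo -n $"Setting up encrypted swap: "
  if [ ! -e "$SWAP_MAPPED" ]; then
    # mkswap below wipes whatever SWAP_DEV points at: make sure it exists and
    # is a block device before creating the mapping.
    [ -b "$SWAP_DEV" ] || bail_out "$SWAP_DEV is not a block device"
    # Fresh random key each boot; it is never stored anywhere.
    # NB: /dev/random may block on an entropy-starved early boot, and the
    # cipher/key size are cryptsetup's plain-mode defaults -- pass explicit
    # -c/-s options if the installed cryptsetup supports a stronger choice.
    cryptsetup -d /dev/random create "$SWAP_NAME" "$SWAP_DEV" \
      || bail_out "Couldn't setup randomly encrypted swap device"
    mkswap "$SWAP_MAPPED" \
      || bail_out "Couldn't create swap partition on encrypted device"
  fi
  if swap_active; then
    echo -n $"Swap already mounted"
    echo_success
  elif swapon "$SWAP_MAPPED"; then
    echo_success
  else
    echo_failure
    RETVAL=1
  fi
  echo

  echo -n $"Setting up /tmp and /var/tmp, if not already active: "
  # Trailing blank in the pattern so only an entry for /tmp itself matches.
  if ! grep -q '^tmpfs[[:blank:]]\+/tmp[[:blank:]]' /etc/fstab; then
    echo "tmpfs /tmp tmpfs $TMPFS_OPTS 0 0" >> /etc/fstab
  fi
  if ! tmp_mounted; then
    mount /tmp || RETVAL=1
  fi
  chmod 01777 /tmp
  [ -d /tmp/var ] || mkdir /tmp/var
  chmod 01777 /tmp/var
  # A freshly mounted tmpfs does not carry the tmp_t SELinux label; fix it up.
  ls -dZ /tmp | fgrep -q ':tmp_t' || chcon -R system_u:object_r:tmp_t /tmp
  if ! mount | grep -q '^/tmp/var on /var/tmp'; then
    mount --bind /tmp/var /var/tmp || RETVAL=1
  fi
  if [ $RETVAL -eq 0 ]; then
    echo_success
    touch "$LOCKFILE"
  else
    echo_failure
  fi
  echo
  return $RETVAL
}

#######################################
# Unmount /var/tmp and /tmp, disable the encrypted swap and tear down the
# mapping so the key is discarded.
# Globals:   SWAP_NAME, SWAP_MAPPED, LOCKFILE, RETVAL
# Returns:   0 on success, 1 if a step failed (bail_out exits directly)
#######################################
stop() {
  echo -n $"Stopping basic disk encryption: "
  # Best effort: at shutdown these may already be gone or still busy.
  umount /var/tmp
  umount /tmp
  if swap_active; then
    if swapoff "$SWAP_MAPPED"; then
      cryptsetup remove "$SWAP_NAME" \
        || echo "Warning: Couldn't perform 'cryptsetup remove'" >&2
    else
      bail_out "Couldn't perform swapoff(!)"
    fi
  else
    echo -n "Not mounted"
  fi
  if [ $RETVAL -eq 0 ]; then
    echo_success
    rm -f "$LOCKFILE"
  else
    echo_failure
  fi
  echo
  return $RETVAL
}

restart() {
  stop
  start
}

#######################################
# Print whether encrypted swap and the tmpfs /tmp are active.
# Globals:   SWAP_MAPPED, RETVAL
# Returns:   0 if both are active, 3 (LSB "not running") otherwise
#######################################
show_status() {
  if swap_active; then
    echo "encrypted swap on $SWAP_MAPPED is active"
  else
    echo "encrypted swap on $SWAP_MAPPED is not active"
    RETVAL=3
  fi
  if tmp_mounted; then
    echo "/tmp is mounted as tmpfs"
  else
    echo "/tmp is not mounted as tmpfs"
    RETVAL=3
  fi
  return $RETVAL
}

#
# See how we were called.
#
case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  restart)
    restart
    ;;
  condrestart)
    if [ -f "$LOCKFILE" ]; then
      restart
    fi
    ;;
  status)
    show_status
    ;;
  *)
    echo $"Usage: $0 {start|stop|status|restart|condrestart}"
    exit 1
esac
exit $RETVAL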